Self-Registration Portal Cisco ISE 1.3 Keeps Going Back to Auth Page
We upgraded our Cisco ISE from 1.2.x to 1.3.x. The migration was successful, and everything appears to be correct. I see that our customized portals were brought over as well. We've created a new customized guest portal. We've updated the authorization profile to reflect the new portal. When a user goes through the process of registering, they register successfully, and then use the registration information to sign in successfully. However, when they attempt to browse to a web page, they are redirected right back to the authentication page. I've checked the SSID. It's set for L2 mac-filtering, Radius NAC, and for our ISE ACL. For the authentication security, CoA is enabled. When the upgrade was completed, I did follow all of the post-migration tasks. Can anyone give me any ideas why users are being redirected right back to the auth screen, once successfully authenticating, and not able to get to any internet sites? Thanks for your help!
Salodh,
Thank you so much for the quick reply! Please find the export below:
<?xml version="1.0" encoding="UTF-8"?>
@namespace html url(http://www.w3.org/1999/xhtml); :root { font:small Verdana; font-weight: bold; padding: 2em; padding-left:4em; } * { display: block; padding-left: 2em; } html|style { display: none; } html|span, html|a { display: inline; padding: 0; font-weight: normal; text-decoration: none; } html|span.block { display: block; } *[html|hidden], span.block[html|hidden] { display: none; } .expand { display: block; } .expand:before { content: '+'; color: red; position: absolute; left: -1em; } .collapse { display: block; } .collapse:before { content: '-'; color: red; position: absolute; left:-1em; }
<Root>
<!--This section describes the Policy-Sets configured in ISE-->
<PolicySets> <PolicySet name="Wired" description=""> <Conditions relationship="OR"> <Condition name="Wired_MAB" type="REUSABLE_COMPOUND"/> <Condition name="Wired_802.1X" type="REUSABLE_COMPOUND"/> </Conditions> <Authentication> <rules> <rule name="Default" status="Enabled"> <Conditions/> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult name="Internal Endpoints"> <IdentitySource name="Internal Endpoints" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>CONTINUE</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> </rules> </Authentication> <Authorization> <StandardRules> <rule name="Default" status="Enabled"> <Conditions/> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="PermitAccess" type="Standard"/> </rule> </StandardRules> <LocalExceptionRules/> </Authorization> </PolicySet> <PolicySet name="Wireless" description=""> <Conditions relationship="OR"> <Condition name="Wireless_MAB" type="REUSABLE_COMPOUND"/> <Condition name="Wireless_802.1X" type="REUSABLE_COMPOUND"/> </Conditions> <Authentication> <rules> <rule name="Wireless Users" status="Enabled"> <Conditions relationship="AND"> <Condition name="Wireless_802.1X" type="REUSABLE_COMPOUND"/> </Conditions> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult name="AD1"> <IdentitySource name="AD1" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>REJECT</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> <rule name="Default" status="Enabled"> <Conditions/> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult name="Internal Endpoints"> <IdentitySource name="Internal Endpoints" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>CONTINUE</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> </rules> </Authentication> <Authorization> <StandardRules> <rule name="Internal-Users-KMTMACHINE" status="Enabled"> <Conditions relationship="AND"> <Condition name="WLAN-User" type="REUSABLE_COMPOUND"/> </Conditions> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="WLAN-PERMITALL" type="Standard"/> </rule> <rule name="Internal-Users-MDM" status="Enabled"> <Conditions relationship="AND"> <Condition name="WLAN-User" type="REUSABLE_COMPOUND"/> <Condition name="WLAN-UserMDM" type="REUSABLE_COMPOUND"/> </Conditions> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="WLAN-PERMITALL" type="Standard"/> </rule> <rule name="Internal-Users-NONMDM1" status="Enabled"> <Conditions relationship="AND"> <Condition name="WLAN-User" type="REUSABLE_COMPOUND"/> <Condition name="WLAN-NotMDM" type="REUSABLE_COMPOUND"/> </Conditions> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="WLAN-PERMITONLYINTERNET" type="Standard"/> </rule> <rule name="Guest" status="Enabled"> <Conditions relationship="AND"> <Condition type="ADHOC">DEVICE:Device Type EQUALS All Device Types#Wireless</Condition> </Conditions> <identityGroups> <identityGroup name="Guest" type="User Identity Groups"/> </identityGroups> <Result name="Internet-Only" type="Standard"/> </rule> <rule name="Guest-CWA" status="Enabled"> <Conditions relationship="AND"> <Condition type="ADHOC">DEVICE:Device Type EQUALS All Device Types#Wireless</Condition> </Conditions> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="Guest-CWA" type="Standard"/> </rule> <rule name="Default" status="Enabled"> <Conditions/> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="DenyAccess" type="Standard"/> </rule> </StandardRules> <LocalExceptionRules/> </Authorization> </PolicySet> <PolicySet name="Default" description="Default Policy Set"> <Conditions/> <Authentication> <rules> <rule name="MAB" status="Enabled"> <Conditions relationship="OR"> <Condition name="Wired_MAB" type="REUSABLE_COMPOUND"/> <Condition name="Wireless_MAB" type="REUSABLE_COMPOUND"/> </Conditions> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult name="Internal Endpoints"> <IdentitySource name="Internal Endpoints" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>REJECT</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> <rule name="Dot1X" status="Enabled"> <Conditions relationship="OR"> <Condition name="Wired_802.1X" type="REUSABLE_COMPOUND"/> <Condition name="Wireless_802.1X" type="REUSABLE_COMPOUND"/> </Conditions> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult> <IdentitySource name="Internal Users" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>REJECT</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> <rule name="Default" status="Enabled"> <Conditions/> <Result name="Default Network Access" type="AllowedProtocolServices"/> <IdentitySourceRules> <rule name="Default" status="Enabled"> <Conditions/> <IdentitySourceResult> <IdentitySource name="Internal Users" type="IdentityStore"/> <AuthenFailed>REJECT</AuthenFailed> <UserNotFound>REJECT</UserNotFound> <ProcessFailed>DROP</ProcessFailed> </IdentitySourceResult> </rule> </IdentitySourceRules> </rule> </rules> </Authentication> <Authorization> <StandardRules> <rule name="Wireless Black List Default" status="Enabled"> <Conditions relationship="AND"> <Condition name="Wireless_Access" type="REUSABLE_COMPOUND"/> </Conditions> <identityGroups> <identityGroup name="Blacklist" type="Endpoint Identity Groups"/> </identityGroups> <Result name="Blackhole_Wireless_Access" type="Standard"/> </rule> <rule name="Profiled Cisco IP Phones" status="Enabled"> <Conditions/> <identityGroups> <identityGroup name="Cisco-IP-Phone"/> </identityGroups> <Result name="Cisco_IP_Phones" type="Standard"/> </rule> <rule name="Profiled Non Cisco IP Phones" status="Enabled"> <Conditions relationship="AND"> <Condition name="Non_Cisco_Profiled_Phones" type="REUSABLE_COMPOUND"/> </Conditions> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="Non_Cisco_IP_Phones" type="Standard"/> </rule> <rule name="Default" status="Enabled"> <Conditions/> <identityGroups> <identityGroup name="Any"/> </identityGroups> <Result name="PermitAccess" type="Standard"/> </rule> </StandardRules> <LocalExceptionRules/> </Authorization> </PolicySet> <GlobalExceptions> <rules/> </GlobalExceptions> </PolicySets>
<!--This section describes the Reusable Conditions configured in ISE-->
<ReusableConditions> <Authentication> <Compound> <condition name="Wired_MAB" description="A condition to match MAC Authentication Bypass service requests from Cisco Catalyst Switches" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Call Check</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Ethernet</Condition> </condition> <condition name="Wireless_MAB" description="A condition to match MAC Authentication Bypass service requests from Cisco Wireless LAN Controller" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Call Check</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Wireless - IEEE 802.11</Condition> </condition> <condition name="Wired_802.1X" description="A condition to match an 802.1X based authentication requests from Cisco Catalyst Switches" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Framed</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Ethernet</Condition> </condition> <condition name="Wireless_802.1X" description="A condition to match an 802.1X based authentication request from Cisco Wireless LAN Controller" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Framed</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Wireless - IEEE 802.11</Condition> </condition> <condition name="Switch_Local_Web_Authentication" description="A condition to match authentication requests for Local Web Authentication from Cisco Catalyst Switches" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Outbound</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Ethernet</Condition> </condition> <condition name="WLC_Web_Authentication" description="A condition to match authentication requests for Web Authentication from Cisco Wireless LAN Controller" relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Login</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Wireless - IEEE 802.11</Condition> </condition> </Compound> </Authentication> <Authorization> <Compound> <condition name="Wired_802.1X" description="Default condition used to match an 802.1X based authentication requests from Cisco Catalyst Switches." relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Framed</Condition> <Condition type="ADHOC">Radius:NAS-Port-Type EQUALS Ethernet</Condition> </condition> <condition name="Wired_MAB" description="Default condition used to match MAB Authentication Bypass service requests from Cisco Catalyst Switches." relationship="AND"> <Condition type="ADHOC">Radius:Service-Type EQUALS Call Check</Condition> <Condition type="
Similar Messages
-
Why does my ipod touch 4gen keeps going back to home page when browsing on the apps store
Why does my Ipod touch 4 generation keeps going back to home page when browsing in the apps store.
I called apple 5 times today and asked me to restore it 3x the problem still exists. This problem starts to occur yesterday after upgrading to IOS6.
Apple customer service is not good enough as they cannot fixed the problem or tell me that I can change the unit as I just bought this 2 months ago.Because there is a bug in iOS 6 that effects the 4G iPod touch.
https://discussions.apple.com/thread/4319809?tstart=0 -
Why do i have to keep going back to home page in my e-mail
When Im on a web page in e-mail and I go to another from my email why do I have to keep going back to home button to get back to email?
Get back to where?
-
Hey my iPod won't stay on a game im playing or apps I open and sarfi keeps
Try closing all apps via the taskbar and then see if they then stay open : from the home screen (i.e. not with any app 'open' on-screen) double-click the home button to bring up the taskbar, then press and hold any of the apps on the taskbar for a couple of seconds or so until they start shaking, then press the '-' in the top left of each app to close them, and touch any part of the screen above the taskbar so as to stop the shaking and close the taskbar.
For Safari you could also try clearing its cache, cookies and history via Settings > Safari
If that doesn't work then you could try a soft-reset : press and hold both the sleep and home buttons for about 10 to 15 seconds (ignore the red slider), after which the Apple logo should appear - you won't lose any content, it's the equivalent of a reboot. -
Hi,
My newest Apple TV which I bought on Amazon finally arrived and worked for 2 days. Now all of a suudden it is refusing to load the main page to select movies, radio, netflix etc. All I am getting is a page saying homesharing with only an option to select Computers of Settings. I have reset the Apple TV, restored it but nothing...it keeps going back to this page saying computers and settings. I've tried updating the software as well but after 30 minutes or so it tells me software update was unsuccessful and to go to settingsand choose restore and the loop begins? Is it permanently broken?I had the same issue Berry. What worked for me was going to the General Settings and doing a reset from there. I got all my apps back but had to re-enter all my information for iTunes, Netflix, Hulu etc...
Hope it works for you too! -
i downloaded firefox and said to import my favorites and stuff from my qwest homepage and can't find them . I have no tool box on any of my pages that I can drop down that says import. not on my old homepage or the firefox page. Help, i dont want to have to keep going back and forth
You can usually find the imported IE Favorites in a folder ("From Internet Explorer") at the bottom of the Bookmarks Menu folder (Bookmarks > Organize Bookmarks).
If you can't find them in the "From Internet Explorer" folder then try this:
* Export the favorites in IE to an HTML file (bookmarks.html): File > Import and Export
* Import the HTML file in Firefox: Bookmarks > Organize Bookmarks > Import & Backup > Import HTML: From File
See also:
* http://kb.mozillazine.org/Import_bookmarks ("Import from another browser" and "Import from file") -
i cant seem to sign in to facetime,ive put my email add in and my password but it just keeps going back to sign in ???
Welcome to the Apple Community.
Are you getting any messages about date and time.
Have you tried restarting the Apple TV by removing ALL the cables for 30 seconds.
Are you connected to the network correctly. -
their login page does not recognize my entry. Just keeps going back to page and says logon. It does work on Internet Explorer but not Firefox.
This - http://www.google.com/firefox - is the old Firefox Start Page used by the Firefox 3.6 and earlier versions of Firefox, I don't think it is being maintained.
Starting with the Firefox 4 version, Firefox is using a "local" Start Page with the address of '''about:home'''. It looks similar to the old Start Page, but it isn't exactly the same. -
Haven't used my Ipad for some time. Switched it on andup came énter PASSCODE''. I entered the correct Passcode and hit DONE but it just
keeps going back to énter Passcode'and wont let me go any further. Can anyone assist please with a reason for this and/or how to be able to get in.
Thanks.
Margii13http://support.apple.com/kb/ht1212
-
My IPAD keeps going back to the main menu screen everytime I try to access my email or FB or intertnet
Try this:
1. Double-click the Home button and hold apps in the Task Bar down until they all wiggle then tap the minus sign to close apps. Tap the home button to return to Home screen.
2. Hold the Sleep/Wake and Home button down until you see the Apple Logo. -
What is going on with itunes update? I keep getting the message that updates are available for itunes, safari and icloud, but when I accept the terms and conditions and the install 3 items message, it keeps going back to telling me there are 3 updates available and have to accept terms and conditions again without it ever installing!! I am using a PC with windows vista. Have not had this problem till December when I got an ipad and had icloud installed, don't know if there is a connection.
I can't offer any help but it soulds like Apple goofed with the latest update. Many of us have the same problem. I may wait a week or so to see if Apple responds.
-
Apple TV keeps asking me to enter my security code and I do and it keeps going back to the security code screen even tho my security code is correct and verified.
Click here and request assistance.
(91679) -
I have given my iPad and iPhone to my wife, she has synchronized with her Apple ID but it keeps going back to my Apple ID when she tries to purchase something in iTunes. Do I need to deregister the device and register it in her Apple ID?
What id shows at the bottom of the Featured tabs in the App Store apps on the two devices ? If they still show your account id then try tapping on the id and log out of it and your wife can then try logging in with her account.
Any content that is already on them that was downloaded by your account will remain tied to your account, so only your account will be able to download updates to your apps. -
my new email and new password is set up on i tones and not on my iphone 4 but under settins show my new email but my updates wont allow me to update it keeps going back to the old email and i dont use it any more
Did you change the email associated with your Apple ID or create a new Apple ID?
The former simply requires signing out of the iTunes store and back in with the new credentials.
The later is a waste of time as content acquired via iTunes is permanently tied to the Apple ID it was acquired with. -
Ipad 2 keeps going back to the restore screen even after being connected to itunes
I updated to the new operating system and updated itunes, but my ipad keeps going back to the start screen to set up. Any ideaS?
Connect to iTunes and restore.
Maybe you are looking for
-
Accounting of POP (advertise) materials
Dear All, We are purchasing advertising materials from outside vendors at manufacturing plant and sending these materials to sales offie and then these material are being delivered to the customers as free of cost.Right now only purchase activity has
-
Hello Friends We recently found out that we will need a third party drop ship scenario . Could anyone guide me create this scenario in one of our clients for demo? How is this possible ? Regards
-
Crystal reports converting varchar 254 to memo data type
Hi All, We are still using Seagate Crystal Reports 7.5 for some of our reporting. I have a problem that hopefully someone can help with. One of our connections is to ODBC- AR System ODBC Data Source. In that data source there are fields defined as va
-
I wanted to create a single dvd of a home movie I created in iMovie that is about 1 hour long. When I brought it into iDVD5 I got the error that "the duration of your project is too long" or something similar. Is there a time length I should be shoot
-
Was reading book on iPad Pop up asked if I wanted to upgrade- probably stupidly I agreed- now iPad screen is frozen with ITunes symbol and image of charger cord on screen- tried turning it off - no help.